| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8205 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8116 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
Use the default service principal as the basis for the rcache name.
login.c:
SVR4 systems typically do not do mail/motd checks in login; they
do it in the profiles (/etc/profile). Follow that convention...
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7951 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
basis for the replay cache name.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7950 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.in: Fix typo in Apr 16 HP-UX change.
* state.c (envvarok): nuke all KRB5* environment variables, not just the
previously selected ones.
* telnetd.c (telnet -> doit): moved SIGTTOU handler before the first thing
which would cause the terminal driver to get upset.
* sys_term.c (line): Remove initialization silliness. The non-GNUC method was
Just Wrong, do it the other way always.
(Xline): Specify length, not contents.
* termio-tn.c (readstream_termio): new file, provides isolated version of
M_IOCTL handling for systems where termio and termios can't be compiled
together.
* termios-tn.c (readstream_termios): new file, provides isolated version of
M_IOCTL handling for systems where termio and termios can't be compiled
together.
* telnetd.c (readstream): use readstream_termios and readstream_termio to
handle getmsg with M_IOCTL.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7883 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provenzano and me:
* Makefile.in (install): Install correct set of man pages, and check for
failures.
* kshd.M, klogind.M: Renamed from kr*.M versions.
* login.M: New file. Man page for login with some description of new features.
* rlogin.M: Remove references to using program with target hostname as argv[0].
* rsh.M: Ditto. Also document -f, -F, -x options.
* login.c: Massive changes. Split much functionality out of main and into
separate file sections: terminal flag settings, Kerberos 4 and 5 support, UNIX
password support, mail check, signal handler handling, some other support
routines. Revamp controlling tty and process group handling. For AFS
configuration, use setpag and run aklog. Try validating password using krb5.
Always set tty flags, not just for rlogin session. When validating tickets,
treat an existing key file that doesn't contain the key we think we want
(possibly because DNS was spoofed) as an error condition.
* Makefile.in (LOGINLIBS): List libkrb524.a here.
(LIBOBJS): Not here.
(login.krb5): Reverse the order of LIBOBJS and LOGINLIBS.
* configure.in: Check for --with-afs. Add AFS libs and define SETPAG if
supplied.
* login.c (KRB5_GET_TICKETS, KRB4_GET_TICKETS, KRB_RUN_AKLOG): new macros
selecting single signon options. krb5.conf profile support for control over
authentication options, above the compile time selection.
(conf_affirmative): new function, recognize yes/no in profile value.
(login_get_kconf): new function, look for all [login] flags and set them in
appropriate globals (via login_conf_set array.)
(main, sleepexit, destroy_tickets): Check the new login_* flags.
(main): rename KRB4_USE_524 to KRB4_CONVERT.
* configure.in: Added checks for tcsetpgrp, tcgetpgrp, setpgid.
* krlogind.c (control): Use tcgetpgrp if it's available.
* loginpaths.h (RPATH, LPATH, LPATH_root): Define HP/UX 9.04 versions,
conditionalized on __hpux and !hpux.
* login.c and configure.in: instead of checking _IBMR2 and __sgi__, write
configure tests to check for the existence of /etc/environment and
/etc/TIMEZONE files, respectively.
* forward.c (rd_and_store_for_creds) : If chown fails then only pass failure
back if owner is different than intended owner. This is to make rsh.exp test
work without requiring root privlidges.
* login.c (main): Don't set TERM to an empty value.
(stypeof) [__hpux]: Return null if unknown.
* krlogin.c (catchild): remove hp/ux kludge because of aclocal.m4 fix.
(speeds): test __hpux for hpux speed list.
(main): test __hpux for use of FIOSSAIOSTAT and FIOSSAIOOWN
(USE_TERMIO): test __hpux for bsdtty/ptyio headers.
* krlogind.c: test __hpux for bsdtty/ptyio headers.
(doit): test __hpux for use of setpgrp2.
* krcp.c (main): test __hpux as well for remsh vs. rsh.
* krcp.c (des_write): Make sure the buffer for the encrypted data is large
enough. Only return an error in malloc fails.
* krsh.c (main): Always turn on anyport -A option.
* krlogind.c (ptsname): Declare if it's going to be used.
* krshd.c (main): Use basename of argv[0] for progname.
* login.c (dofork): On linux, TIOCNOTTY causes us to die on a SIGHUP, so don't
even try it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7881 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7880 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7879 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7864 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
failures.
* kshd.M, klogind.M: Renamed from kr*.M versions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7863 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
multiple names and multiple "host" keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7861 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7858 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
variable initialization; initialization has been corrected to
allow either checksumming or ignoring the checksum.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7855 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
defined, incorrect messages were being displayed for V4 clients.
Additionally, various errors were not being displayed with the
trailing newline.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7852 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
from its name, because it doesn't any more. Same for kshd.
* Document and implement -i option to ignore checksums. Restore
default mode to accept and process checksums if provided.
* Bring back the warning about only using -c with Kerberos5. The
documentation (both install.texi and the man pages) clearly state that
the -c option shouldnot be used in conjunction with Kerberos4, so warn
users if they try.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7849 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7845 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
with vendor logins and packet mode on systems that don't
support it.
Also, clean up spaces in Makefile.in, replacing with tabs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7844 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7839 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
longer necessary.
krcp.c (verifydir, allocbuf, rsource, source, sink): Don't use
sys_errlist[]; just call error_message() instead, since we depend on
com_err anyway.
krshd.c (recvauth):
krlogind.c (recvauth): Don't actually check the checksum unless it is
required. Old (pre-beta 5) clients sent a checksum of random garbage
(such as their pid) which is impossible to actually check on the
server side. (Grad student stupidity strikes again.)
(fatalperror): Don't use sys_errlist[] to get the right error
message; just depend on com_err instead, since we're using it anyway.
krshd.c (doit):
krlogind.c (do_krb_login): Fix logic so that if checksums are
required, and the checksum is valid, don't syslog the stupid warning
message about "Checksums are only required for v5 clients...."
krcp.c, krshd.c, krlogind.c: Miscellaneous -Wall cleanups
krlogind.c (getpty): Removed dead code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7823 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
* Changes to abort the session if telnetd receives certain options
such as environment or DISPLAY options before authentication and
encryption is negotiated or not negotiated.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7818 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7817 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
as libpty deals.
Use setsid() instead of setpgrp() in krshd
if possible.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7812 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7811 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
an unusual location, so they are not likely to be reused by other sessions.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7810 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
kerberos5.c: Add a cleanup function to destroy the credentials cache.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7799 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7798 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* krlogind.c, krshd.c: Allow the recvauth routine to find any key
in the keytab for which the user is trying to login. The host may
be known as many names. Additionally, for krlogind, clean up the
error handling for bad authentication (potential null dereference
and a misleading message because of the wrong authentication system
being used)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7791 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7760 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
This is used by the DejaGnu test suite to pass the shared library
paths to start up rcp properly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7752 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
zero bytes are returned. Since we are using blocking
read calls, and the net_read function deals with
interrupted/resumed reads, consider zero bytes to be
be a terminated connection, so as not to spin.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7749 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
Solaris test was incorrect.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7746 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7745 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
and #$%&* ultrix doesn't protect it from multiple
inclusions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7718 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7711 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7710 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* krcp works correctly even if not all data is written in a single
request.
* Implement temporary patch to make sure des_outbuf is big enough.
Proven should be sending the Cygnus patch once he decides how to
handle this permanently.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7706 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* Force telnetd not to use streams on the SGI; it doesn't support
pushing modules onto a pty.
* Remove old utmpx crud from sys_term.c because it was getting called
inadvertently, didn't compile on the SGI, and libpty already does
something reasonable with utmpx.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7705 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7698 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
instead of char * (Solaris 2.5 refuses to compile it, otherwise).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7672 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
telnetd.c (getterminaltype): If the authentication option which was
negotiated requires that encryption be turned on, then enforce this
here.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7663 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
authenc.c (telnet_spin): Implemented the telnet spin function, which
works by calling the Scheduler with the tty_lockout flag set.
main.c (main): If the -x option is given, set the autologin,
wantencryption, and auth_enable_encrypt flag. They enable
authentication, enforcement of the encryption option, and a flag to
the auth layer to negotiate authentication with mandatory encryption
option.
telnet.c (telnet): If the wantencryption flag is set (because the user
has given the -x option, then we enforce that encryption must be
turned on. The user will not be able to type to the network stream
until encryption is enabled, and if encryption is refused, the client
will print an error message.
(Scheduler): If the tty_lockout flag is set, then don't process
keyboard read events. This prevents the user from typing over the
network until encryption is enabled.
utilities.c (printsub): Added print support for the authentication
must-encrypt option.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7662 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kerberos5.c (kerberos5_send): Send in as input the
authentication type pair (ap->type, ap->way) to be
checksumed in the authenticator.
(kerberos5_is): If the checksum is present in the
authenticator, then validate the authentication type pair
against the checksum.
(kerberos5_reply): If we didn't do mutual authentication,
and we receive a KRB_ACCEPT, then stash away the session
key anyway. This way we have a chance of doing encryption
even if mutual authentication wasn't done.
* encrypt.c (EncryptStartInput, EncryptStartOutput): Added
conditional around printf so that these two functions can
be called by the server.
(encrypt_is_encrypting): New function which returns true
only if both sides of the telnet stream is encrypted.
Fri Mar 15 18:19:44 1996 Theodore Y. Ts'o <tytso@dcl>
* auth.c: Added new authentication scheme for Krb5 mutual
authentication with mandatory encryption.
(auth_send, auth_send_retry): Split auth_send() so that
the functionality done by auth_send_retry() is separate.
This avoids a really dodgy pointer comparison which was
caused by auth_send() being used for two purposes.
If the client has not requested encryption, then don't
use the authentication systems which require encryption.
(auth_must_encrypt): New function which returns whether
or not encryption must be negotiated.
* auth-proto.h: Added prototype for new option
auth_must_encrypt().
* Makefile.in (ENCRYPTION, DES_ENCRYPTION): Added defines to turn
on encryption and des encryption.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7661 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
The old test assumed that either STDARG was defined or __STDC__ - which
is not sufficient.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7660 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7655 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7649 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7647 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
present in keytab. If no services present, return a useful
minor error status.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7642 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7640 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
if setupterm is in curses, grab it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7630 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7629 dc483132-0cff-0310-8789-dd5450dbe970
|
